Configure key-based SSH authentication

IMPORTANT: Before following the steps below, ensure that your application server is running.

To configure the SSH server to support key-based authentication, follow these steps:

  • Log in to the server console as the bitnami user.

  • Create a key pair, consisting of a public and private key, as shown below. Set a long passphrase when prompted.

    $ ssh-keygen
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/bitnami/.ssh/id_rsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /home/bitnami/.ssh/id_rsa.
    Your public key has been saved in /home/bitnami/.ssh/id_rsa.pub.
    The key fingerprint is:
    XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX bitnami@linux

    This command should create two files named id_rsa and id_rsa.pub in the /home/bitnami/.ssh directory.

  • Copy the private key file named id_rsa to a secure location. Do not share this private key file.

  • Transfer the contents of the public key file to the /home/bitnami/.ssh/authorized_keys file:

    $ cd /home/bitnami/.ssh
    $ cat id_rsa.pub >> /home/bitnami/.ssh/authorized_keys

  • Edit the /etc/ssh/sshd_config file and uncomment (or add if not already present) the following lines:

    RSAAuthentication yes
    PubkeyAuthentication yes

  • In the same file, disable basic password authentication:

    ChallengeResponseAuthentication no
    PasswordAuthentication no
    UsePAM no

  • Restart the SSH server for the new configuration to take effect:

    $ sudo /etc/init.d/ssh force-reload

You can now use the private key file to connect to the virtual machine using SSH.
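
The following script is an added example, not part of the original Bitnami guide: it checks that the values sshd will actually apply match the settings listed above, because sshd keeps the first value it reads for each keyword and a line added further down the file is silently ignored. The function names effective_value and audit_sshd_config and the sample configuration are constructed for illustration, and the script assumes a single configuration file with no Include directives.

```shell
# Added example: audit an sshd_config file against the settings in this guide.
# sshd keeps the FIRST value it reads for a keyword and keywords are
# case-insensitive; lines after "Match" are conditional, so only the global
# section is examined. RSAAuthentication is skipped (SSH protocol 1 only).

# effective_value FILE KEYWORD: print the first global value, lowercased.
effective_value() {
    awk -F'[ \t=]+' -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ { next }                       # commented-out line
        { sub(/^[ \t]+/, "") }                    # drop leading indentation
        tolower($1) == "match" { exit }           # end of global section
        tolower($1) == key { print tolower($2); exit }
    ' "$1"
}

# audit_sshd_config FILE: return 0 only if every setting matches the guide.
audit_sshd_config() {
    rc=0
    for pair in PubkeyAuthentication:yes PasswordAuthentication:no \
                ChallengeResponseAuthentication:no UsePAM:no; do
        key=${pair%%:*}
        want=${pair#*:}
        got=$(effective_value "$1" "$key")
        if [ "$got" = "$want" ]; then
            echo "OK    $key $got"
        else
            echo "FAIL  $key is '${got:-unset}', guide sets '$want'"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: "no" was appended below an existing "yes", so password
# logins stay enabled even though the file appears to disable them.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
#PasswordAuthentication no
PubkeyAuthentication yes
passwordauthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no
Match User backup
    PasswordAuthentication yes
EOF
audit_sshd_config "$sample" || echo "sshd_config does not match the guide"
```

Point audit_sshd_config at /etc/ssh/sshd_config before restarting the SSH server; running sudo sshd -t as well checks the file for syntax errors.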

Last modification July 24, 2020